Arbitrary Command Execution in Intel Alert Management System (AMS)

Arbitrary Command Execution in Intel Alert Management System (AMS)

CVE-2011-0688 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.

Learn more about our Cis Benchmark Audit For Server Software.